diff options
Diffstat (limited to 'auth-rsa.c')
| -rw-r--r-- | auth-rsa.c | 23 |
1 files changed, 11 insertions, 12 deletions
diff --git a/auth-rsa.c b/auth-rsa.c index 33cdb5dae..9b139c928 100644 --- a/auth-rsa.c +++ b/auth-rsa.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth-rsa.c,v 1.81 2012/10/30 21:29:54 djm Exp $ */ | 1 | /* $OpenBSD: auth-rsa.c,v 1.85 2013/07/12 00:19:58 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -164,9 +164,8 @@ static int | |||
| 164 | rsa_key_allowed_in_file(struct passwd *pw, char *file, | 164 | rsa_key_allowed_in_file(struct passwd *pw, char *file, |
| 165 | const BIGNUM *client_n, Key **rkey) | 165 | const BIGNUM *client_n, Key **rkey) |
| 166 | { | 166 | { |
| 167 | char line[SSH_MAX_PUBKEY_BYTES]; | 167 | char *fp, line[SSH_MAX_PUBKEY_BYTES]; |
| 168 | int allowed = 0; | 168 | int allowed = 0, bits; |
| 169 | u_int bits; | ||
| 170 | FILE *f; | 169 | FILE *f; |
| 171 | u_long linenum = 0; | 170 | u_long linenum = 0; |
| 172 | Key *key; | 171 | Key *key; |
| @@ -229,11 +228,16 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file, | |||
| 229 | 228 | ||
| 230 | /* check the real bits */ | 229 | /* check the real bits */ |
| 231 | keybits = BN_num_bits(key->rsa->n); | 230 | keybits = BN_num_bits(key->rsa->n); |
| 232 | if (keybits < 0 || bits != (u_int)keybits) | 231 | if (keybits < 0 || bits != keybits) |
| 233 | logit("Warning: %s, line %lu: keysize mismatch: " | 232 | logit("Warning: %s, line %lu: keysize mismatch: " |
| 234 | "actual %d vs. announced %d.", | 233 | "actual %d vs. announced %d.", |
| 235 | file, linenum, BN_num_bits(key->rsa->n), bits); | 234 | file, linenum, BN_num_bits(key->rsa->n), bits); |
| 236 | 235 | ||
| 236 | fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | ||
| 237 | debug("matching key found: file %s, line %lu %s %s", | ||
| 238 | file, linenum, key_type(key), fp); | ||
| 239 | free(fp); | ||
| 240 | |||
| 237 | /* Never accept a revoked key */ | 241 | /* Never accept a revoked key */ |
| 238 | if (auth_key_is_revoked(key, 0)) | 242 | if (auth_key_is_revoked(key, 0)) |
| 239 | break; | 243 | break; |
| @@ -283,7 +287,7 @@ auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) | |||
| 283 | file = expand_authorized_keys( | 287 | file = expand_authorized_keys( |
| 284 | options.authorized_keys_files[i], pw); | 288 | options.authorized_keys_files[i], pw); |
| 285 | allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey); | 289 | allowed = rsa_key_allowed_in_file(pw, file, client_n, rkey); |
| 286 | xfree(file); | 290 | free(file); |
| 287 | } | 291 | } |
| 288 | 292 | ||
| 289 | restore_uid(); | 293 | restore_uid(); |
| @@ -300,7 +304,6 @@ int | |||
| 300 | auth_rsa(Authctxt *authctxt, BIGNUM *client_n) | 304 | auth_rsa(Authctxt *authctxt, BIGNUM *client_n) |
| 301 | { | 305 | { |
| 302 | Key *key; | 306 | Key *key; |
| 303 | char *fp; | ||
| 304 | struct passwd *pw = authctxt->pw; | 307 | struct passwd *pw = authctxt->pw; |
| 305 | 308 | ||
| 306 | /* no user given */ | 309 | /* no user given */ |
| @@ -330,11 +333,7 @@ auth_rsa(Authctxt *authctxt, BIGNUM *client_n) | |||
| 330 | * options; this will be reset if the options cause the | 333 | * options; this will be reset if the options cause the |
| 331 | * authentication to be rejected. | 334 | * authentication to be rejected. |
| 332 | */ | 335 | */ |
| 333 | fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); | 336 | pubkey_auth_info(authctxt, key, NULL); |
| 334 | verbose("Found matching %s key: %s", | ||
| 335 | key_type(key), fp); | ||
| 336 | xfree(fp); | ||
| 337 | key_free(key); | ||
| 338 | 337 | ||
| 339 | packet_send_debug("RSA authentication accepted."); | 338 | packet_send_debug("RSA authentication accepted."); |
| 340 | return (1); | 339 | return (1); |